chore: update dependencies & replace safety with pip-audit

.github/workflows/audit.yaml

@@ -0,0 +1,15 @@
+name: Audit
+on: push
+jobs:
+  audit:
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9"]
+    name: Audit python v${{ matrix.python-version }}
+    uses: Informasjonsforvaltning/workflows/.github/workflows/pip-audit.yaml@main
+    with:
+      python_version: ${{ matrix.python-version }}
+      python_architecture: x64
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/constraints.txt

@@ -1,6 +1,6 @@
-pip==24.0
-pipx==1.4.3
+pip==24.2
+pipx==1.7.1
 nox==2024.4.15
 nox-poetry==1.0.3
-poetry==1.8.2
-virtualenv==20.25.0
+poetry==1.8.3
+virtualenv==20.26.3

.github/workflows/deploy-staging.yaml

@@ -18,7 +18,6 @@ jobs:
       environment: staging
       cluster: digdir-fdk-dev
       nox_image: True
-      run_safety: True
     secrets:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       GCP_SA_DIGDIR_FDK_GCR_KEY: ${{ secrets.GCP_SA_DIGDIR_FDK_GCR_KEY }}

Dockerfile

@@ -5,7 +5,7 @@ RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
 WORKDIR /app
 
-RUN pip install "poetry==1.7.0"
+RUN pip install "poetry==1.8.3"
 COPY poetry.lock pyproject.toml /app/
 
 # Project initialization:

noxfile.py

@@ -1,7 +1,5 @@
 """Nox sessions."""
 
-import tempfile
-
 import nox
 from nox.sessions import Session
 import nox_poetry
@@ -144,25 +142,6 @@ def lint(session: Session) -> None:
     session.run("flake8", *args)
 
 
-@nox_poetry.session(python=["3.9"])
-def safety(session: Session) -> None:
-    """Scan dependencies for insecure packages."""
-    with tempfile.NamedTemporaryFile() as requirements:
-        session.run(
-            "poetry",
-            "export",
-            "--dev",
-            "--format=requirements.txt",
-            "--without-hashes",
-            f"--output={requirements.name}",
-            external=True,
-        )
-        session.install("safety")
-        session.run(
-            "safety", "check", f"--file={requirements.name}", "--output", "text"
-        )
-
-
 @nox_poetry.session(python=["3.9"])
 def mypy(session: Session) -> None:
     """Type-check using mypy."""

pyproject.toml

@@ -15,32 +15,31 @@ classifiers=[
 
 [tool.poetry.dependencies]
 python = "^3.9"
-gunicorn = "^21.2.0"
+gunicorn = "^23.0.0"
 python-dotenv = "^1.0.0"
-requests = "^2.31.0"
-aiohttp = "^3.9.5"
+requests = "^2.32.3"
+aiohttp = "^3.10.5"
 python-json-logger = "^2.0.7"
-aiohttp-middlewares = "^2.3.0"
+aiohttp-middlewares = "^2.4.0"
 
 [tool.poetry.dev-dependencies]
 asynctest = "^0.13.0"
-pytest = "^8.1.1"
-coverage = {extras = ["toml"], version = "^7.4.4"}
-pytest-asyncio = "^0.23.6"
+pytest = "^8.3.2"
+coverage = {extras = ["toml"], version = "^7.6.1"}
+pytest-asyncio = "^0.24.0"
 pytest-dotenv = "^0.5.2"
 pytest-docker = "^3.1.1"
-pytest-cov = "^4.1.0"
-black = "^24.4.2"
-flake8 = "^7.0.0"
+pytest-cov = "^5.0.0"
+black = "^24.8.0"
+flake8 = "^7.1.1"
 flake8-bandit = "^4.1.1"
 flake8-black = "^0.3.6"
-flake8-bugbear = "^24.4.26"
+flake8-bugbear = "^24.8.19"
 flake8-docstrings = "^1.7.0"
 flake8-import-order = "^0.18.2"
-pep8-naming = "^0.13.3"
-safety = "^3.0.1"
-mypy = "1.10.0"
-flake8-annotations = "^3.0.1"
+pep8-naming = "^0.14.1"
+mypy = "1.11.2"
+flake8-annotations = "^3.1.1"
 codecov = "^2.1.13"
 requests-mock = "^1.11.0"
 pytest-mock = "^3.12.0"